(54) System and method of associating devices to secure commercial transactions performed over the Internet



(57) The invention discloses how to associate communications devices so as to carry out secure transactions over an untrusted network i.e., the Internet. The communications devices are assumed to be independently capable of communicating with an electronic commercial-like site managing a directory of legitimate users which all possess a token e.g., a chip-card. Then, whenever one user desires to carry out a secure transaction it first prepares it from a communications device featuring convenient interfaces e.g., a personal computer with large display and keyboard. When done, signature of the secure transaction must be obtained from another communications device through which the legitimate user is reachable and which is enabled with the token it possesses. When called from the commercial-like site the second communications device can thus check, sign and transmit back to the commercial-like site the signed secure transaction where its final processing can go on. Therefore, the invention combines built-in features of standard communications devices to conveniently carry through elaborated secure transactions that would otherwise require added features such as large displays and keyboards to wireless mobile devices or chip-card reader to personal computers.
Description

Field of the Invention

[0001] The present invention relates generally to the Internet and more particularly applies to electronic commerce and to commercial-like transactions that take place over the Internet requiring that originator of such a transaction should neither be able to masquerade as someone else (originator must be authenticated) nor can later deny to have actually effected the transaction (non-repudiation).

Background of the Invention 

[0002] Commerce over the Internet is dramatically expanding. It involves all sorts of transactions implying the movement of electronic money. All of this is taking place over what is, basically, a very unsecured network. Therefore, based on cryptography, numerous techniques and methods have been devised not only ensuring confidentiality of the transactions but also, this is often even more important, authentication, integrity and non-repudiation. Authentication is required to ascertain the origin of a transaction so as no one should be able to masquerade as someone else. Integrity is key to make sure that a transaction has not been modified, unintentionally or maliciously, on its way through the network to destination e.g., a server aimed at processing the customer orders. Finally, non-repudiation is essential to make sure that a completed transaction, that may involve a lot of money, may not just be denied later on by any of the participants.

[0003] Accessing the Internet is mainly achieved nowadays from a PC (Personal Computer), a WS (Work Station) or any computer-like device capable of running a piece of software, referred to as a browser, in order to be able to get on the World-Wide Web (or just the Web), the ubiquitous application that has accompanied the explosive growth of the Internet in past years. Thus, an Internet commerce site is a particular Web site aimed at handling commercial transactions. A well-known site is e.g., located at http://www.amazon.com/. It is a huge virtual bookstore selling also music and videos. They claim that millions of people, from many countries, have indeed made online shopping on their site. Although such sites also claim they are completely safe (since one has to disclose them a credit card number to buy something) they actually fail meeting satisfactorily all of the criteria here above mentioned that is, authentication, integrity and non-repudiation. To reach completely these objectives connecting PC's would need to be equipped with smart card readers and users would have to carry a token i.e., intelligent chip-cards or smart-cards so that authentication based on the knowledge (PIN or password) and possession (card) principle can be carried out. Smart-cards are also suitable for storing certificates and encryption keys securely. Smart cards with an integrated crypto-processor can implement cryptographic functions directly on the card so that the keys never leave the smart card. For example, a digital signature generally consists in encrypting, with the user private key, a digest obtained through the application of a hash function over the transaction content; the result is then appended to the transaction so that the recipient may later check it with the user public key and make sure that it has not been altered on its way and has indeed been originated by whoever possesses the corresponding private key. This eliminates any possibility of the key falling into the wrong hands. However, all of this is only possible if the PC is indeed equipped with the proper hardware i.e., a card reader and the corresponding software or device driver to perform the adaptation with the OS (Operating System) running on the PC. This is a new technology and a new type of I/O port to be added to PC's. This has a cost which does not fit well with the general trend that wants to reduce as much as possible the operational expenses of a private or enterprise network hence, requiring to lower the cost of terminal equipment and TCO (Total Cost of Ownership). Thus, in practice, when manufactured, PC's are still seldom equipped with such card readers. Although a separate chip card reader can always be later added to a particular PC this requires that the corresponding software, the device driver, be also installed thus further personalizing it.

[0004] On the other hand another even more explosive market is the one of mobile wireless communications first mainly driven by mobile digital cellular phones however, rapidly evolving to cover other applications in relation with the Internet such as e-mail in a first place. It is anticipated that electronic commerce applications such as personal banking, stock trading, gambling, ticket reservations and shopping will soon become commonly available on mobile phones. Hence, the security of data communications over wireless networks has become a major concern to mobile commerce businesses and users which has triggered the development of products to build secure systems that solve the core requirements of electronic commerce security already here above mentioned namely: confidentiality, authentication, integrity and non-repudiation. Also, standards are being put in place to control the development of such products and make sure that they may interoperate. The Wireless Application Protocol (WAP) Forum (http://www.wapforum.org) has thus become the de facto worldwide standard for providing Internet communications and advanced telephony services on digital mobile phones, pagers, personal digital assistants and other wireless terminals. Therefore, all these devices, contrary to PC's, are promised to be upfront equipped with all necessary features and functions so as to guarantee security of electronic commerce transactions. Nevertheless, they all also have inherent limited display capability and rudimentary user interface along with limited processing power, battery life and storage capabilities.

[0005] Therefore it is a broad object of the invention to combine the advantages of PC's which have great display and user interface capabilities with the built-in security features of modern wireless mobile devices so as to enable convenient and secure electronic commerce transactions.

[0006] Further objects, features and advantages of the present invention will become apparent to the ones skilled in the art upon examination of the following description in reference to the accompanying drawings. It is intended that any additional advantages be incorporated herein.

Summary of the Invention 

[0007] A method and a system of associating communications devices to carry out a secure transaction over an untrusted network from an electronic commercial-like site are disclosed. The communications devices are independently capable of communicating with the electronic commercial-like site which manages a directory of legitimate users each having an identification record. The users are also assumed to possess a token e.g., a chip-card. Then, whenever one legitimate user desires to carry out a secure transaction this latter is first prepared with the help of a first communications device, featuring convenient human being interfaces e.g., a personal computer. When done, an approval of the secure transaction content is forwarded to the commercial-like site, from the first communications device. When the approval is received in the commercial-like site the identification of a second communications device, through which the legitimate user is reachable, is retrieved from its identification record. This triggers the issuing of a request, from the commercial-like server towards the second communications device, to have the secure transaction signed. Hence, signature of the secure transaction is carried out with the second communications device, enabled by the token of the legitimate user thus, obtaining a signed secure transaction which is transmitted back to the commercial-like site which performs a final checking in order to complete the secure transaction.

[0008] Therefore, the method and system of the invention combine built-in features of standard communications devices to conveniently carry out secure commercial-like transactions over an untrusted network i.e., the Internet. Especially, the invention neither requires that standard personal computers or work station be equipped with a chip-card reader nor that wireless mobile devices need to have large displays and keyboards to be able to carry through elaborated transactions.

Brief Description of the Drawings 

[0009] 

Figure 1 depicts the state of the art where the Internet can be accessed independently either from a personal computer or a wireless mobile device.

Figure 2 is an example of a commercial transaction, per the invention, in which a personal computer and a wireless mobile device cooperate to carry it out.

Figure 3 shows an example of the correlation table, according to the invention, cross referencing the transaction identifiers that permits to perform a secure transaction.

Figure 4 illustrates the overall architecture of the system through an example involving a personal computer and a cellular mobile phone.

Detailed Description of the Preferred Embodiment

[0010] Figure 1 illustrates current art where a user [100] may have access to a commercial Internet Web site e.g., the AMAZON.COM virtual bookstore [105] (at http://www.amazon.com) to perform a transaction such as buying a book. This can be done e.g., from a personal computer (PC) [110] having a connection to the Internet [115] through a modem or a LAN (local area network) and running a browser capable of conveniently displaying pages from the here above Web site so as user [100] can gather all necessary information on what it is buying. Current PC's are always equipped with large display monitors [120] having at least a 15-inch wide screen (diagonal) capable of displaying 800x600 pixels or more. PC's are also always equipped with a 100-key+ keyboard [125] and a pointing device, usually a mouse [130]. The same user [100] is also commonly carrying a mobile telephone [140] or any equivalent wireless portable device which are now able to connect to the Internet too [145]. Moreover, they are personalized with a token e.g., a smart-card or chip-card [155] so as user [100] may be uniquely identified. However, contrary to PC's, those wireless portable devices have very poor display capabilities [160], limited to a few lines of a few characters, and have rudimentary numeric keyboards [150].

[0011] Figure 2 depicts a typical transaction according to the invention, involving a client PC machine [200] (or a work station or any computer-like device) and a wireless portable mobile device [210] e.g., a mobile phone. Transaction is initiated from the client PC at step [201] when a user, having access to this PC, must reach a remote server, typically through the Internet or through any public and/or private network or combination of, on which a business application [230] is running setting up the commercial-like site user desires to deal with. In the example chosen in figure 1 this is the amazon.com virtual bookstore. Then, the first action from the application is to request [231] client authentication. User responds to the request complying with whatever method is in effect in the server i.e., provides credentials to be recognized as a legitimate user. The standard practice is to send [202] a user ID with a password. More sophisticated methods might also require the sending, by the client and/or the server, of certificates issued by a third party i.e., a CA (Certificate Authority), trusted by user and/or server. Irrespective of the method enforced in the server, when satisfied, this latter eventually authenticates the user [232] unless (this is not shown) user fails answering satisfactorily in which case the transaction is obviously aborted by the server. All of this can actually be implemented from various well known methods known by those skilled in the art. Many variants exist. As an example, certificates could be X.509 certificates as described in RFC2459 of the IETF (Request For Comments of the Internet Engineering Task Force) used by the Web browsers supporting SSL (Secure Socket Layer) protocol which is being standardized under the name of TLS (Transport Layer Security) protocol in RFC2246. As far as Web server is concerned the only other assumption is that it is capable of generating static and dynamic HTML (Hyper Text Markup Language) pages, the language of the Web, that are thus viewable from the Web browser client machine [200].

[0012] When the user has been recognized as a legitimate user by the server it is then permitted to browse the server HTML pages of the application so as to gather all the necessary information regarding the transaction user wants to perform. This assumes that multiple exchanges may have to take place between the client machine [203] and the server [233] and generally require that users fill virtual forms [204] i.e., dynamic HTML pages formatted by the server [234], that this latter will use to interpret the content of the transaction so as to determine what user intends to do. In the previous simple example of the amazon.com server, a virtual shopping cart is filled e.g., with book(s) that the user desires to acquire. While filling its cart a user has thus, optionally, the possibility of consulting all the information provided by the server about the books, their authors, the press critics along with their prices, availability, delivery options and generally all sorts of data that a customer is willing to know before proceeding to a virtual cash register.

[0013] Thus, when the user is finally satisfied with the content of the transaction thus, having completed the overall preparation phase [240] it eventually approves it [205] from the client PC. Still referring to the here above example of the amazon.com bookstore this occurs when it has finished filling its virtual shopping cart. In another example this is because user has finalized its today list of shares he wants to sell or buy through the server of its preferred broker. Obviously, although not explicitly shown, user has always the freedom of aborting the transaction any time before completion. Or, the transaction may be aborted just because something wrong happens between the client PC and the server such as an interruption of the communication. However, normally, the transaction is approved by the user from the client PC [205]. At this point, in most of today's commercial Web sites, the essential of the transaction is over if one excepts the sending by the server of a closing message confirming the terms and content of the transaction also thanking the user that is, the Web site customer. However, all of this rests on the good faith of both parties. The owner of the commercial Web site might not send the ordered items. The user might use a fake or stolen credit card number or it may later deny to have really effected the transaction. To overcome this, methods have been devised so as none of the parties involved can masquerade as someone else nor may later deny to have effected the transaction. However, this requires some form of strong authentication and electronic signature that the user side may only fulfill if the client PC is indeed equipped with the proper equipment that is, a smart-card reader and its related supporting software or 'driver', so as the user of the client PC may prove it is the one it pretends to be through the possession of a token i.e., its smart-card. However, standard PCs and working stations are seldom equipped nowadays with such a piece of hardware and there is no clear sign that this will become a standard feature (like a mouse) in a foreseeable future even though, it is obviously always possible to add, on a particular PC, a separate card reader and install the proper software to drive it.

[0014] On the other hand, while Internet and the electronic commerce were dramatically growing, an even more explosive market is the one of the wireless mobile devices; first of all, cellular mobile phones, which have been universally accepted. Because the latest versions of these devices are now able to connect to the Internet too and also, because their use is conditioned to the insertion of a smart-card, so that the bearer is identified, they become the device of choice to perform strong authentication and to approve and sign commercial transactions. Therefore, the method of the invention assumes that the user of the client PC, that has initiated the transaction, is also carrying such a wireless mobile portable device. Then, transaction goes on with step [235] when Web server needs to obtain the signature of it by the user. To do so, server manages at least one table, an example of which is further described in figure 3, cross-referencing all legitimate user IDs that are permitted to access the Web site along with their mobile device ID and public key (held in the user own token e.g., a smart-card). Hence, table is looked up to retrieve user phone number and smartcard public key. After which, the transaction data are formatted and optionally signed [236] using the user smart-card public key also, optionally, further countersigned with the server private key (so as user is made certain of the origin of the transaction if necessary) and the Web server dials automatically the user mobile phone [221], using WTA standard previously discussed, providing for mechanisms that allow origin servers to deliver data to a mobile terminal even though this latter has not issued any request. Meanwhile, Web server holds PC Web request [222] until mobile device eventually responds. This part of the signature process, in which business application is issuing the signature request [250], is shown to be implemented here mainly under the form of a so-called Java™ Servlet [220]. While Java™ is, among other things, a popular, simple, object-oriented, distributed and interpreted general-purpose programming language developed by Sun Microsystems (Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 USA), Java™ Servlets are small, platform-independent Java™ programs that can be used to extend the functionality of a Web server in a variety of ways thus, are convenient to implement the signing function of the invention. However, this is only one example of carrying out the invention. The ones skilled in the art will recognize that, without departing from the spirit of the invention, it may be implemented in many alternate equivalent ways. Especially, the signing process could be imbedded into the Web Server application so as the two processes [220] and [230] are merged. When user accepts the incoming call on his mobile device, Web generated transaction content, optionally signed with user public key and possibly countersigned with server private key, may be checked by the smartcard if it is necessary to ascertain its origin [211]. Then, user is prompted to validate the transaction. At this point user may want to review the content of the transaction [212] received on its mobile wireless device (which is sufficient in general to be sure what transaction is being signed). Transaction may be displayed on the mobile screen, preferably in an abridged form for the sake of convenience, due to the limited capacity of the display of such devices. Alternatively, this step may just be replaced by the display of a number, associated with the transaction, a common practice when dealing with a Web server or ordering goods or services over the phone. This transaction number may thus be used as a correlator so as user is made certain of what transaction is being validated. After this, smart-card is requesting a PIN (personal identification code) [213] so as transaction can now be signed with user private key [214]. Using a PIN to enable this operation is standard practice with current smart-cards. More sophisticated methods are soon to be widely available. These methods have in common to use biometric data e.g., the finger prints of the user are recognized through an appropriate sensor placed on the smart-card. This will add definitively to the security hence, better contributing to reach the goals of the invention i.e., authentication, integrity and non-repudiation of commercial transactions from standard widely available devices. At this point the overall process [260] to carry out signature of the secure transaction in user mobile device is over. Then, next step [215] consists in sending back to the server the signed transaction (signed with user private key). Business application running on server thus, completes the signature cycle in a global checking step [270] including a completion step [223] for signing servlet [220], a checking step in server [237] utilizing user public key followed by the sending [238] of a last transaction status, under the form of a new Web page, to the client PC machine at the origin of the transaction.

[0015] Figure 3 illustrates a preferred embodiment of the cross-referencing table or directory mentioned in figure 2 and required to carry out the invention. Table [300] lists the users [310] that are recognized by the Web server as being legitimate users authorized to deal with the business application. For each registered user, a mobile device ID number to call i.e., a phone number [320], is first listed. Secondly, the public key [330], corresponding to the token (smart-card) of the user, is recorded too so that server holds, in an identification record [340], for every user, all necessary information to carry out secure commercial transactions. The precise form under which table is actually implemented and the way it is searched when interrogated is beyond the scope of the invention. Those skilled in the art will recognize that numerous alternate ways e.g., tailored to favor performance or memory size required, are feasible. As an example table could be implemented to obey the specifications of LDAP (Lightweight Directory Access Protocol) a protocol for accessing on-line directory services defined by the IETF (Internet Engineering Task Force) in RFC's (Request For Comments) especially, RFC 1777. LDAP defines a relatively simple protocol for updating and searching directories running over TCP/IP (the Internet suite of protocols). An LDAP directory entry is a collection of attributes with a name, called a distinguished name (DN). The DN refers to the entry unambiguously. Each of the entry's attributes has a type and one or more values. The types are typically mnemonic strings, like "cn" for common name, or "mail" for e-mail address. LDAP directory entries are arranged in a hierarchical structure that reflects political, geographic, and/or organizational boundaries. Entries representing countries appear at the top of the tree. Below them are entries representing states or national organizations. Below them might be entries representing people, organizational units, printers, documents, or just about anything else. Therefore, cross-referencing table of the invention can advantageously be implemented under the form of a customized LDAP directory.
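
The directory lookup, device-side signing and server-side check of paragraphs [0014] and [0015], as an added Go example that is not part of the patent or of any implementation of it. Ed25519 from the Go standard library stands in for the smart-card signature algorithm, which the text does not specify; the Token type, the function names, the TX-nnnn number format and the sample user, phone number and PIN are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

var (
	ErrUnknownUser  = errors.New("user not in directory")
	ErrBadPIN       = errors.New("token: wrong PIN, signing refused")
	ErrNoPending    = errors.New("no transaction awaiting signature under this number")
	ErrBadSignature = errors.New("signature does not verify with the user's public key")
)

// Record is one identification record [340]: device ID [320] and public key [330].
type Record struct {
	MobileID  string
	PublicKey ed25519.PublicKey
}

// Token is a hypothetical stand-in for the smart card: the private key stays
// inside it and a signature is produced only after the correct PIN [213].
type Token struct {
	pin  []byte
	priv ed25519.PrivateKey
}

func NewToken(pin string) (*Token, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Token{pin: []byte(pin), priv: priv}, pub, nil
}

// SigningRequest is what the site sends to the second device [221].
type SigningRequest struct{ MobileID, TxID, Content string }

// signedBytes binds the transaction number (the correlator) to the content.
func signedBytes(txID, content string) []byte {
	return []byte(fmt.Sprintf("%d:%s%s", len(txID), txID, content))
}

// SignOnDevice is the device-side process [260]: PIN check, then signature [214].
func SignOnDevice(tok *Token, pin string, req SigningRequest) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(pin), tok.pin) != 1 {
		return nil, ErrBadPIN
	}
	return ed25519.Sign(tok.priv, signedBytes(req.TxID, req.Content)), nil
}

type held struct{ userID, content string } // an approved transaction kept by the site
// Server is the commercial-like site with its directory [425].
type Server struct {
	directory map[string]Record
	pending   map[string]held // transactions held until signed [222]
	counter   int
}

func NewServer(dir map[string]Record) *Server {
	return &Server{directory: dir, pending: map[string]held{}}
}

// Approve handles the approval [205] from the PC and retrieves the record [235].
func (s *Server) Approve(userID, content string) (SigningRequest, error) {
	rec, ok := s.directory[userID]
	if !ok {
		return SigningRequest{}, ErrUnknownUser
	}
	s.counter++
	txID := fmt.Sprintf("TX-%04d", s.counter)
	s.pending[txID] = held{userID, content}
	return SigningRequest{rec.MobileID, txID, content}, nil
}

// Complete is the checking step [237]. It verifies against the content the
// site itself holds, never against content echoed back by the device.
func (s *Server) Complete(txID string, sig []byte) error {
	p, ok := s.pending[txID]
	if !ok {
		return ErrNoPending
	}
	if !ed25519.Verify(s.directory[p.userID].PublicKey, signedBytes(txID, p.content), sig) {
		return ErrBadSignature
	}
	delete(s.pending, txID) // a signed response is accepted once
	return nil
}

func main() {
	tok, pub, _ := NewToken("4321") // constructed sample PIN and directory entry
	srv := NewServer(map[string]Record{"User#0001": {MobileID: "+10000000001", PublicKey: pub}})
	req, _ := srv.Approve("User#0001", "1 book, total 25.00")
	sig, _ := SignOnDevice(tok, "4321", req)
	fmt.Println(srv.Complete(req.TxID, sig), "/", srv.Complete(req.TxID, sig))
}
```
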
[0016] Figure 4 shows all the components of the system per the invention. It involves a standard PC [400] or any computer-like machine capable of accessing, over the Internet or any combination of public/private networks [405], a server [410] running the application i.e., a business application [420] core of a commercial-like site [430] that user [415] wants to deal with. Then, initial part of the transaction is thus conducted from the PC [400]. When user is satisfied with contents and objects of the transaction it approves it. This enables the corresponding part of the business application [435] running over the server [410] and using one or more directory or cross-referencing table [425] aimed at logging the users permitted to access the business application, to trigger the sending of a signature request towards user's wireless mobile device e.g., its cellular mobile phone [460]. This is done through the network [405] and a wireless gateway [440] operated e.g., according to the Wireless Application Protocol (WAP). Hence, transaction may be approved from the token [460] that user possesses (usually a smart-card) housing, among other things, its private key, in order to complete the transaction in signing it therefore, allowing to meet all the goals of a secure transaction namely, strong authentication, integrity and non-repudiation.



Claims 

1. A method of associating communications devices [400] [450] to carry out a secure transaction over an untrusted network [405] from an electronic commercial-like site [430], said communications devices independently capable of communicating with said electronic commercial-like site, said electronic commercial-like site managing a directory [425] of legitimate users [415] each having an identification record [340], said legitimate users each possessing a token [460], said method comprising the steps of:

   whenever one of said legitimate users [415] desires to carry out a said secure transaction:

   preparing [240] said secure transaction from a first said communications device [400] featuring convenient human being interfaces [110] [120] [130] to communicate with said commercial-like site [430];

   when done:

   forwarding to said commercial-like site, from said first communications device, an approval [205] of content of said secure transaction;

   when said approval is received in said commercial-like site for said secure transaction prepared by said legitimate user:

      retrieving [235] in said identification record [340] of said legitimate user an identification of a second communications device [320] through which said legitimate user is reachable;

      issuing [250] in said commercial-like server towards said second communications device a request to have said secure transaction signed;

      carrying out signature [260] of said secure transaction from said second communications device enabled with said token of said legitimate user thus obtaining a signed secure transaction;

      transmitting [215] said signed secure transaction back to said commercial-like site;

      checking [270] in said commercial-like site said signed secure transaction;

   thereby, completing said secure transaction.

2. The method according to claim 1 wherein each said identification record [340] of said directory [300] in said commercial-like site includes:

   a user identification [310] of a said legitimate user;

   a device identification [320] of a said second communications device through which said legitimate user is reachable;

   a user public key [330] contained in a said token owned by said legitimate user.

3. The method according to any one of the previous claims wherein said token [460] of said legitimate user includes the storing of:

   a user private key;

   a personal identification number (PIN).

4. The method according to any one of the previous claims wherein said preparing step includes the steps of:

   accessing [201] a Web server business application [230] in said electronic commercial-like site [430];

   providing, in response to a request for authentication [231] from said Web server business application, credentials [202] to be recognized as a legitimate user [232];

   browsing [203] [233] said electronic commercial-like site;

   filling in [204] [234] all required information to allow completion of said commercial-like transaction.

5. The method according to any one of the previous claims wherein said issuing step [250] includes the steps of:

   formatting [236], in said commercial-like site, a request to have said secure transaction signed in said second communications device, said step of formatting a request optionally including the further steps of:

      signing origin of said request, said step of signing origin including:

      employing said user public key of said legitimate user;

      additionally employing a private key of said commercial-like site;

   forwarding [221], from said commercial-like site, to said second communications device said request;

   waiting [222] till said second communications responds.

6. The method according to any one of the previous claims wherein said step of carrying out signature [260], in said second communications device, includes the steps of:

   checking [211] said request to have said secure transaction signed, said step of checking optionally including the further step of:

      authenticating origin of said request;

   displaying [212] content of said secure transaction;

   prompting [213] said legitimate user to enter said PIN of said token;

   signing [214] said request with said user private key.

7. The method according to claim 6 wherein said step of prompting [213] said legitimate user to enter said PIN is replaced by the step of analyzing biometric data of said legitimate user.

8. The method according to any one of the previous claims wherein said checking step [260], in said commercial-like site, includes the steps of:

   detecting [223] completion of signature by said second communications device;

   checking [237] said signed request transaction with said public key of said legitimate user;

   forwarding [238] a transaction status to said first communications device.

9. The method according to any one of the previous claims wherein said first communications device is a standard personal computer.

10. The method according to any one of the previous claims wherein said second communications device is a token enabled wireless mobile device.

11. A system, in particular a server implementing a commercial-like site, comprising means adapted for carrying out the method according to any one of the previous claims.

12. A computer-like readable medium comprising instructions for carrying out the method according to any one of the claims 1 to 10.



EP 1 161 055 A2

[Figure 1]

[Figure 2: sequence diagram with four lanes: Web Client PC machine [200], User Mobile Device [210], Web Server Signing Servlet [220] and Web Server Business Application [230]]

[Figure 3: cross-referencing table [300] with columns UserID [310], Mobile Device ID [320] and User Public Key [330]]

[Figure 4: system architecture showing the Web Server, the Business Application, the Signature Correlation Servlet, the Directory of Users (cross-reference table) and the Wireless Mobile Device]




